<?php

require "../../utility.php";

$conn = connect_mysql();
$user_id = getUserIdBySessionId($conn);

http_response_code(403);

if ($user_id !== null &&
    check_keys($_GET, "id")) {
    // 检查权限
    $user_permission = getUserPermissionByUserId($conn, $user_id);
    if ($user_permission >= 1) {
        $id = $_GET["id"];
        $update_str = "UPDATE Orders SET status = 2 WHERE ID = ? AND status = 1;";
        $update_stmt = $conn->prepare($update_str);
        $update_stmt->bind_param("s", $id);

        if ($update_stmt->execute()) {
            http_response_code(200);
        }
    }
}

?>